PT-2026-4929 · Laravel · Laravel Nova
Iqzer0
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2020-36950
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Laravel Nova version 3.7.0
Description
Laravel Nova version 3.7.0 has a condition that allows authenticated users to cause a denial of service. This occurs by manipulating the
range parameter and sending requests with a very large value, which can overwhelm the server and cause it to crash.Recommendations
Apply a fix that appropriately validates and limits the acceptable values for the
range parameter.Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Laravel Nova